Funnull Polyfill supply chain attack

Type

Campaign

Actors

🏓Funnull

Pub. date

June 25, 2024

Initial access

Insider threatSupply chain vector

Impact

Supply chain attackDefacement

References

https://sansec.io/research/polyfill-supply-chain-attackhttps://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/https://twitter.com/malwrhunterteam/status/1806593621711286503https://x.com/mdmck10/status/1806349965733544160

Status

Finalized

Last edited

Jun 30, 2024 9:11 AM

A Chinese company named Funnull acquired the Polyfill domain and GitHub repo, and inserted malware into polyfill.js that redirected users to gambling websites. Further pivoting revealed that Funnull had exposed a CloudFlare API key that linked the company to several CDN providers which were also serving malicious scripts.